Gets the authorization information for an instance of this class. The AuthorizationContext contains a collection of ClaimSet that the application can interrogate and retrieve the information of the party.

Use this class to obtain information about a remote security context at runtime. A security context is created when a client is successfully authenticated and authorized to access a method. When a message is successfully authenticated and authorized, the security information from the client and for the current service instance can be obtained from an instance of this class.

You can retrieve an instance of the ServiceSecurityContext from the Current property of the OperationContext class, or use it from within a service operation method, as shown in the following example.

Parsing a ClaimSet

A common use of the class is to retrieve the current set of claims for the purpose of identifying or authorizing a client when accessing a method. The ClaimSet class contains a collection of Claim objects, and each can be parsed to determine whether a specific claim is present. If the specified claim is provided, authorization can be granted. This functionality is provided by overriding the CheckAccessCore method of the ServiceAuthorizationManager class. For a complete example, see the Authorization Policy.

Cookie Mode and IsAuthenticated

Note that under some circumstances, the IsAuthenticated property of the IIdentity interface returns true even if the remote client is authenticated as an anonymous user. (The PrimaryIdentity property returns an implementation of the IIdentity interface.) The following circumstances must be true for this to occur:

The following example uses the ServiceSecurityContext class to provide information about the current security context. The code creates an instance of the StreamWriter class to write the information to a file.

// When this method runs, the caller must be an authenticated user // and the ServiceSecurityContext is not a null instance. publicdouble Add(double n1, double n2)
{
// Write data from the ServiceSecurityContext to a file using the StreamWriter class. using (StreamWriter sw = new StreamWriter(@"c:\ServiceSecurityContextInfo.txt"))
{
// Write the primary identity and Windows identity. The primary identity is derived from // the credentials used to authenticate the user. The Windows identity may be a null string.
sw.WriteLine("PrimaryIdentity: {0}", ServiceSecurityContext.Current.PrimaryIdentity.Name);
sw.WriteLine("WindowsIdentity: {0}", ServiceSecurityContext.Current.WindowsIdentity.Name);
// Write the claimsets in the authorization context. By default, there is only one claimset // provided by the system. foreach (ClaimSet claimset in ServiceSecurityContext.Current.AuthorizationContext.ClaimSets)
{
foreach (Claim claim in claimset)
{
// Write out each claim type, claim value, and the right. There are two // possible values for the right: "identity" and "possessproperty".
sw.WriteLine("Claim Type: {0}, Resource: {1} Right: {2}",
claim.ClaimType,
claim.Resource.ToString(),
claim.Right);
sw.WriteLine();
}
}
}
return n1 + n2;
}

The following example shows an implementation of the CheckAccessCore method that uses the ServiceSecurityContext to parse a set of claims.